packages
-
Ubuntu ‘command-not-found’ Tool Could Trick Users into Installing Rogue Packages
Cybersecurity researchers have found that it’s possible for threat actors to exploit a well-known utility called command-not-found to recommend their…
Read More » -
CISA and OpenSSF Release Framework for Package Repository Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it’s partnering with the Open Source Security Foundation (OpenSSF) Securing…
Read More » -
DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been…
Read More » -
Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub
Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys…
Read More » -
Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package
A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows…
Read More » -
Threat Actors Increasingly Abusing GitHub for Malicious Purposes
The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host…
Read More » -
Three Ways To Supercharge Your Software Supply Chain Security
Section four of the “Executive Order on Improving the Nation’s Cybersecurity” introduced a lot of people in tech to the…
Read More » -
Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners
Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a…
Read More » -
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks
Microsoft on Thursday said it’s once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat…
Read More »